ICANN, who would really like you to enable DNSSEC, has misconfigured DNSSEC on http://icann.com - the domain has signed records, but there is no DS record in the .com zone so the signatures don't actually do anything (except blow up the size of DNS responses, of course)
What is http://icann.com's relationship to http://icann.org? Does http://icann.org have DNSSEC set up correctly?
ICANN owns and operates both domains. The .org appears to have correctly-configured DNSSEC (it's not obviously incorrect)
Note that I'm not saying nice things about DNSSEC. I'm just saying that I thought ICANN lives at a .org, not a .com. However, I don't really follow where they live, so it was a question.
It appears the .com is just an HTTP redirect to their main .org site. I wouldn't have tweeted if they had simply not set up DNSSEC on a redirect-only domain. The problem is they tried to set it up, but botched it, showing that even DNSSEC experts get DNSSEC wrong.
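
An added example, not part of the thread: a sketch of how a validator classifies the situation described above, where a zone publishes DNSKEY and RRSIG records but the parent has no DS for it. The zone name, key bytes and function names are constructed for illustration; only SHA-256 (digest type 2) DS records are handled and RRSIGs themselves are not verified.

```python
import hashlib
import struct

def wire_name(name):
    """Canonical (lowercased) DNS wire form of an owner name."""
    labels = name.rstrip(".").lower().split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def dnskey_rdata(flags, protocol, algorithm, pubkey):
    """DNSKEY RDATA: flags(2) | protocol(1) | algorithm(1) | public key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + pubkey

def key_tag(rdata):
    """Key tag per RFC 4034 Appendix B (algorithms other than 1)."""
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def ds_for(owner, rdata):
    """DS tuple (tag, algorithm, digest type 2 = SHA-256, hex digest)."""
    digest = hashlib.sha256(wire_name(owner) + rdata).hexdigest()
    return (key_tag(rdata), rdata[3], 2, digest)

def chain_status(owner, dnskeys, parent_ds):
    """Classify the delegation the way a validator would treat it."""
    if not parent_ds:
        # No DS at the parent: the zone is treated as unsigned, so any
        # DNSKEY/RRSIG records it publishes are never validated.
        return "insecure (signed, no DS)" if dnskeys else "unsigned"
    if any(ds_for(owner, k) in parent_ds for k in dnskeys):
        return "secure"
    return "bogus"  # DS published, but no DNSKEY matches it

# Constructed sample data: a made-up zone and a dummy 64-byte key.
ZONE = "example.test."
KSK = dnskey_rdata(257, 3, 13, bytes(range(64)))

if __name__ == "__main__":
    print(chain_status(ZONE, [KSK], []))                       # case in the thread
    print(chain_status(ZONE, [KSK], [ds_for(ZONE, KSK)]))      # DS matches
    print(chain_status(ZONE, [KSK], [(1, 13, 2, "00" * 32)]))  # stale DS
```

The first case fails open (answers resolve, unvalidated), while a stale DS fails closed: validating resolvers return SERVFAIL for the zone.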